The use of biometric(s) to control authentication of identity and privilege is hampered by a lack of trust in the intermediary biometric(s) readers, computers, and wireless or wired communications channels. At any point in the communications, or in the reader itself, security and privacy can be permanently compromised (it is impossible to change one's biometric(s) if the biometric(s) are captured by an unauthorized third party). A relying access system cannot know, using the prior art, whether the biometric(s) is in fact being read, in real time, by the person who nominally exhibits the biometric.
One prior art technology is frequently called “match-on-token”. Here, a biometric(s) is collected by the token or externally, during initialization, and the resulting biometric(s) is stored on the card. When a match is required, the biometric(s) is re-sampled by the token and compared on the token. A pass-or-fail comparison of the biometric is thereby computed.
There are serious problems with this prior art.
No token can be made truly physically secure in the hands of a determined attacker. A successful attack yields a copy of the biometric(s) of the owner of the token. Regardless of any encryption, all the necessary data to compare the biometric(s) may be on the token, by definition. Because it is not possible to revoke and change the strong biometric(s) of a user, they end up compromised for life.
A second problem is the “replay attack.” The pass-fail signal can be intercepted at any point in the communication path, and simply played back to gain access.
A third attack is that the token can be modified to merely affirm the pass-fail determination, regardless of the biometric(s) read.
Finally, since the biometric(s) is/are contained on the token, there is no natural fallback when the token is lost if a wholly separate mechanism to recover the biometric(s), identity and privileges is not specified.
In an attempt to deal with these problems, the biometric(s) match tends to be moved further and further back in the processing chain. In all these prior art technologies, the weakness remains in the communication channel. Ultimately, the pass-fail may be made in a central server, thereby suffering from scalability problems, and the pass-fail decision is still subject to attack when it is communicated to the relying party.
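The replay weakness of a bare pass-fail signal, as an added example that is not part of the original text: a verdict that is authenticated but carries no per-attempt context verifies again whenever it is played back, while a verdict bound to a fresh single-use challenge from the relying party does not. The message layout, HMAC-SHA256, the shared key `KEY` and every function and class name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # assumption: secret shared by token and relying party

def _mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def token_verdict(matched: bool, nonce: bytes = b"") -> bytes:
    """Token side: verdict plus MAC; an empty nonce gives the context-free weak form."""
    body = b"PASS" if matched else b"FAIL"
    return body + _mac(nonce + body)

def _check(msg: bytes, nonce: bytes = b"") -> bool:
    body, tag = msg[:-32], msg[-32:]
    return hmac.compare_digest(tag, _mac(nonce + body)) and body == b"PASS"

def relying_party_static(msg: bytes) -> bool:
    """Weak form: any authentic PASS is accepted, however old it is."""
    return _check(msg)

class RelyingParty:
    """Hardened form: each attempt is bound to a fresh, single-use challenge."""
    def __init__(self) -> None:
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, msg: bytes) -> bool:
        if nonce not in self._pending:
            return False              # unknown or already consumed challenge
        self._pending.discard(nonce)  # single use, even when the check fails
        return _check(msg, nonce)

def demo() -> dict:
    captured = token_verdict(True)    # static verdict observed once on the channel
    rp = RelyingParty()
    n1, n2 = rp.challenge(), rp.challenge()
    bound = token_verdict(True, n1)
    return {
        "static_replay_accepted": relying_party_static(captured),
        "bound_first_accepted": rp.verify(n1, bound),
        "bound_replay_same_nonce": rp.verify(n1, bound),
        "bound_replay_new_nonce": rp.verify(n2, bound),
    }
```

The challenge only stops playback of a captured verdict; a token modified to always affirm, listed above as a separate attack, would still answer a fresh challenge with PASS.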
Many prior art technologies depend on the use of “encryption”, in order to protect the data in the communication channel. These ultimately suffer the problems of distribution of the symmetric key. Before the biometric(s) data can be used, the data may be decrypted. If the data can be decrypted, the symmetric key may be available. If the symmetric key is available, it can be attacked, and the same set of vulnerabilities exists. The whole issue of key distribution makes the approach impractical and insecure.
Other prior art technologies depend on the issuance of Public Key Infrastructure (PKI) certificates using the X.509 standard or an equivalent. This approach is known as Public/Private key. This solution suffers from many of the same scalability problems. The X.509 and the ANSI X.9 standards incorporate a hash function that generates a unique digital signature from a given data set, and establish that only a trusted Certification Authority (CA) could have signed such a signed certificate. Such digital certificates, although of value in authenticating electronic transactions, fail to authenticate a human transactor, for they only authenticate the possession of the private cryptographic key used in the transaction. Since private keys are physically stored on computers or electronic storage devices, they are not physically related to the entities associated with the keys, but instead may be assigned to a group or organization. Private keys are subject to physical loss, theft, or destruction, since they may be stored on physical media in untrusted locations, and the locking mechanism protecting such keys can be forgotten. Private keys are, therefore, the fatally weak aspect of the use of digital certificates in conjunction with biometric(s) to perform authentication.